locomotivecms 3.0.0.rc1 → 3.0.0.rc2

data/config/old-locales/devise.fr.yml

@@ -0,0 +1,68 @@
+fr:
+  errors:
+    messages:
+      not_found: "non trouvé"
+      already_confirmed: "était déjà confirmé"
+      not_locked: "n'était pas verouillé"
+
+  devise:
+    failure:
+      locomotive_account:
+        unauthenticated: "Vous devez vous connecter ou vous inscrire avant de poursuivre."
+        unconfirmed: "Vous devez confirmer votre compte avant de poursuivre."
+        locked: "Votre compte a été vérrouillé."
+        invalid: "Identifiant ou mot de passe invalide."
+        not_found_in_database: "Identifiant ou mot de passe invalide."
+        invalid_token: "Jeton d'authentification invalide."
+        timeout: "Votre session a expiré, veuillez vous reconnecter pour poursuivre."
+        inactive: "Votre compte n'a pas encore été activé."
+    sessions:
+      locomotive_account:
+        signed_in: "Connexion réussie."
+        signed_out: "Déconnexion réussie."
+    passwords:
+      locomotive_account:
+        send_instructions: "Vous allez recevoir un email avec les instructions pour réinitialiser votre mot de passe dans quelques minutes."
+        updated: "Votre mot de passe a été modifié avec succès. Vous êtes maintenant connecté."
+    confirmations:
+      locomotive_account:
+        send_instructions: "Vous allez recevoir un email avec les instruction pour confirmer votre compte dans quelques minutes."
+        confirmed: "Votre compte a été confirmé avec succès."
+    registrations:
+      locomotive_account:
+        signed_up: "Vous vous êtes inscrit avec succès. Vous allez recevoir les instructions de confirmation par email."
+        updated: "Vous avez mis à jour votre compte avec succès."
+        destroyed: "Au revoir. Votre compte a été fermé avec succès. Nous espérons vous revoir bientôt."
+    unlocks:
+      locomotive_account:
+        send_instructions: "Vous allez recevoir un email avec les instructions pour déverrouiller votre compte dans quelques minutes."
+        unlocked: "Votre compte a été déverrouillé avec succès. Vous êtes maintenant connecté."
+    mailer:
+      locomotive_account:
+        confirmation_instructions: "Instructions pour la confirmation"
+        reset_password_instructions: "Instructions pour la réinitialisation du mot de passe"
+        unlock_instructions: "Instructions pour le déverrouillage"
+
+  locomotive:
+    devise_mailer:
+      common:
+        hello: Bienvenue
+
+      confirmation_instructions:
+        you_can_confirm_your_account_through_the_link_below: "Vous pouvez confirmer votre compte via le lien ci-dessous:"
+        confirm_my_account: "Confirmer mon compte"
+      reset_password_instructions:
+        # For "Someone has requested a link to change your password, and you can do this through the link below."
+        reset_password_instruction: "Quelqu'un a demandé un lien pour changer votre mot de passe. Vous pouvez le faire via le lien ci-dessous:"
+        change_my_password: "Changer mon mot de passe"
+        # For "If you didn't request this, please ignore this email."
+        wrong_request_instruction: "Si vous n'avez pas demandé ce changement, ignorez ce message."
+        # For "Your password won't change until you access the link above and create a new one."
+        unchange_password_message: "Votre mot de passe ne sera pas changé tant vous n'aurez pas accédé au lien ci-dessus pour en créer un nouveau."
+      unlock_instructions:
+        # For "Your account has been locked due to an excessive amount of unsuccessful sign in attempts."
+        locked_account_message: "Votre compte est verrouillé par sécurité suite à un trop grand nombre d'identifications erronées."
+        # For "Click the link below to unlock your account"
+        unlock_account_instruction: "Cliquez sur le lien ci-dessous pour déverrouiller votre compte:"
+        unlock_my_account: "Déverrouiller mon compte"
+

data/config/old-locales/flash.fr.yml

@@ -0,0 +1,106 @@
+fr:
+  flash:
+    locomotive:
+      pages:
+        create:
+          notice: "La page a été créée avec succès."
+          alert: "La page n'a pas été créée."
+        update:
+          notice: "La page a été mise à jour avec succès."
+          alert: "La page n'a pas été mise à jour."
+        sort:
+          notice: "Les pages ont été ordonnées avec succès."
+        destroy:
+          notice: "La page a été supprimée avec succès."
+
+      content_entries:
+        create:
+          notice: "L'élément a été crée avec succès."
+          alert: "L'élément n'a pas été crée avec succès."
+        update:
+          notice: "L'élément a été mis à jour avec succès."
+          alert: "L'élément n'a pas été mis à jour."
+        sort:
+          notice: "Les éléments ont été ordonnés avec succès."
+        destroy:
+          notice: "L'élément a été supprimé avec succès."
+
+      content_types:
+        create:
+          notice: "Le modèle a été crée avec succès."
+          alert: "Le modèle n'a pas été crée."
+        update:
+          notice: "Le modèle a été mis à jour avec succès."
+          alert: "Le modèle n'a pas été mis à jour."
+        destroy:
+          notice: "Le modèle a été supprimé avec succès."
+
+      current_site:
+        update:
+          notice: "Mon site a été mis à jour avec succès."
+          alert: "Mon site n'a pas été mis à jour."
+
+      snippets:
+        create:
+          notice: "Le snippet a été crée avec succès."
+          alert: "Le snippet n'a pas été crée."
+        update:
+          notice: "Le snippet a été mis à jour avec succès."
+          alert: "Le snippet n'a pas été mis à jour."
+        destroy:
+          notice: "Le snippet a été supprimé avec succès."
+
+      accounts:
+        create:
+          notice: "Le compte a été crée avec succès."
+          alert: "Le compte n'a pas été crée."
+
+      my_account:
+        update:
+          notice: "Mon compte a été mis à jour avec succès."
+          alert: "Mon compte n'a pas été mis à jour."
+
+      sites:
+        create:
+          notice: "Le site a été crée avec succès."
+          alert: "Le site n'a pas été crée."
+        destroy:
+          notice: "Le site a été supprimé avec succès."
+
+      memberships:
+        create:
+          notice: "Le compte a été ajouté avec succès."
+          alert: "Le compte n'a pas été ajouté."
+          already_created: "Le compte a déjà été ajouté pour ce site."
+
+      assets:
+        create:
+          notice: "Le média a été crée avec succès."
+          alert: "Le média n'a pas été crée."
+        update:
+          notice: "Le média a été mis à jour avec succès."
+          alert: "Le média n'a pas été mis à jour."
+
+      theme_assets:
+        create:
+          notice: "Le fichier a été crée avec succès."
+          alert: "Le fichier n'a pas été crée."
+        update:
+          notice: "Le fichier a été mis à jour avec succès."
+          alert: "Le fichier n'a pas été mis à jour."
+        destroy:
+          notice: "Le fichier a été supprimé avec succès."
+
+      custom_fields:
+        update:
+          alert: "Champ non mis à jour."
+
+      cross_domain_sessions:
+        create:
+          alert: "Vous devez vous authentifier"
+
+      import:
+        create:
+          done: "Votre site a été mis à jour"
+          notice: "Votre site est en train d'être mis à jour"
+          alert: "L'import n'a pas pu se faire"

data/config/routes.rb

@@ -68,6 +68,7 @@ Locomotive::Engine.routes.draw do
     resource :current_site, controller: 'current_site' do
       get :new_domain
       get :new_locale
+      get :new_url_redirection
     end
 
     # Preview mode handled by Steam

data/lib/generators/locomotive/install/templates/carrierwave.rb

@@ -10,14 +10,19 @@ CarrierWave.configure do |config|
 
   when :production
     # the following configuration works for Amazon S3
-    config.storage          = :fog
-    config.fog_credentials  = {
-      provider:                 'AWS',
-      aws_access_key_id:        ENV['S3_KEY_ID'],
-      aws_secret_access_key:    ENV['S3_SECRET_KEY'],
-      region:                   ENV['S3_BUCKET_REGION']
+    #
+    # WARNING: add the "carrierwave-aws" gem in your Rails app Gemfile.
+    # More information here: https://github.com/sorentwo/carrierwave-aws
+    #
+    config.storage          = :aws
+    config.aws_bucket       = ENV['S3_BUCKET']
+    config.aws_acl          = 'public-read'
+
+    config.aws_credentials  = {
+      access_key_id:      ENV['S3_KEY_ID'],
+      secret_access_key:  ENV['S3_SECRET_KEY'],
+      region:             ENV['S3_BUCKET_REGION']
     }
-    config.fog_directory    = ENV['S3_BUCKET']
 
   else
     # settings for the local filesystem

data/lib/generators/locomotive/install/templates/devise.rb

@@ -1,12 +1,21 @@
-# Use this hook to configure devise mailer, warden hooks and so forth. The first
-# four configuration values can also be set straight in your models.
+# Use this hook to configure devise mailer, warden hooks and so forth.
+# Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
+  # The secret key used by Devise. Devise uses this key to generate
+  # random tokens. Changing this key will render invalid all existing
+  # confirmation, reset password and unlock tokens in the database.
+  # Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`
+  # by default. You can change it below and use your own secret key.
+  # config.secret_key = '<%= SecureRandom.hex(64) %>'
+
   # ==> Mailer Configuration
-  # Configure the e-mail address which will be shown in DeviseMailer.
-  config.mailer_sender = 'sender@dummyapp.org'
+  # Configure the e-mail address which will be shown in Devise::Mailer,
+  # note that it will be overwritten if you use your own mailer class
+  # with default "from" parameter.
+  config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
 
   # Configure the class responsible to send e-mails.
-  # config.mailer = "Locomotive::DeviseMailer"
+  # config.mailer = 'Devise::Mailer'
 
   # ==> ORM configuration
   # Load and configure the ORM. Supports :active_record (default) and
@@ -22,7 +31,7 @@ Devise.setup do |config|
   # session. If you need permissions, you should implement that in a before filter.
   # You can also supply a hash where the value is a boolean determining whether
   # or not authentication should be aborted when the value is not present.
-  # config.authentication_keys = [ :email ]
+  # config.authentication_keys = [:email]
 
   # Configure parameters from the request object used for authentication. Each entry
   # given should be a request method and it will automatically be passed to the
@@ -34,57 +43,111 @@ Devise.setup do |config|
   # Configure which authentication keys should be case-insensitive.
   # These keys will be downcased upon creating or modifying a user and when used
   # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [ :email ]
+  config.case_insensitive_keys = [:email]
+
+  # Configure which authentication keys should have whitespace stripped.
+  # These keys will have whitespace before and after removed upon creating or
+  # modifying a user and when used to authenticate or find a user. Default is :email.
+  config.strip_whitespace_keys = [:email]
 
   # Tell if authentication through request.params is enabled. True by default.
+  # It can be set to an array that will enable params authentication only for the
+  # given strategies, for example, `config.params_authenticatable = [:database]` will
+  # enable it only for database (email + password) authentication.
   # config.params_authenticatable = true
 
-  # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+  # Tell if authentication through HTTP Auth is enabled. False by default.
+  # It can be set to an array that will enable http authentication only for the
+  # given strategies, for example, `config.http_authenticatable = [:database]` will
+  # enable it only for database authentication. The supported strategies are:
+  # :database      = Support basic authentication with authentication key + password
   # config.http_authenticatable = false
 
-  # If http headers should be returned for AJAX requests. True by default.
+  # If 401 status code should be returned for AJAX requests. True by default.
   # config.http_authenticatable_on_xhr = true
 
-  # The realm used in Http Basic Authentication. "Application" by default.
-  # config.http_authentication_realm = "Application"
+  # The realm used in Http Basic Authentication. 'Application' by default.
+  # config.http_authentication_realm = 'Application'
+
+  # It will change confirmation, password recovery and other workflows
+  # to behave the same regardless if the e-mail provided was right or wrong.
+  # Does not affect registerable.
+  # config.paranoid = true
+
+  # By default Devise will store the user in session. You can skip storage for
+  # particular strategies by setting this option.
+  # Notice that if you are skipping storage for all authentication paths, you
+  # may want to disable generating routes to Devise's sessions controller by
+  # passing skip: :sessions to `devise_for` in your config/routes.rb
+  config.skip_session_storage = [:http_auth]
+
+  # By default, Devise cleans up the CSRF token on authentication to
+  # avoid CSRF token fixation attacks. This means that, when using AJAX
+  # requests for sign in and sign up, you need to get a new CSRF token
+  # from the server. You can disable this option at your own risk.
+  # config.clean_up_csrf_token_on_authentication = true
 
   # ==> Configuration for :database_authenticatable
   # For bcrypt, this is the cost for hashing the password and defaults to 10. If
   # using other encryptors, it sets how many times you want the password re-encrypted.
-  config.stretches = 10
+  #
+  # Limiting the stretches to just one in testing will increase the performance of
+  # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
+  # a value less than 10 in other environments. Note that, for bcrypt (the default
+  # encryptor), the cost increases exponentially with the number of stretches (e.g.
+  # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
+  config.stretches = Rails.env.test? ? 1 : 10
 
   # Setup a pepper to generate the encrypted password.
-  # config.pepper = "de368d6a1517489510a2ae145328ff1c238f03b02da8f57032936a353835e2ca20561decfb5f7bfafad095fa73cee55b101ed11a0d0f913429d3d9bd114d810e"
+  config.pepper = '<%= SecureRandom.hex(64) %>'
 
   # ==> Configuration for :confirmable
-  # The time you want to give your user to confirm his account. During this time
-  # he will be able to access your application without confirming. Default is 0.days
-  # When allow_unconfirmed_access_for is zero, the user won't be able to sign in without confirming.
-  # You can use this to let your user access some features of your application
-  # without confirming the account, but blocking it after a certain period
-  # (ie 2 days).
+  # A period that the user is allowed to access the website even without
+  # confirming their account. For instance, if set to 2.days, the user will be
+  # able to access the website for two days without confirming their account,
+  # access will be blocked just in the third day. Default is 0.days, meaning
+  # the user cannot access the website without confirming their account.
   # config.allow_unconfirmed_access_for = 2.days
 
+  # A period that the user is allowed to confirm their account before their
+  # token becomes invalid. For example, if set to 3.days, the user can confirm
+  # their account within 3 days after the mail was sent, but on the fourth day
+  # their account can't be confirmed with the token any more.
+  # Default is nil, meaning there is no restriction on how long a user can take
+  # before confirming their account.
+  # config.confirm_within = 3.days
+
+  # If true, requires any email changes to be confirmed (exactly the same way as
+  # initial account confirmation) to be applied. Requires additional unconfirmed_email
+  # db field (see migrations). Until confirmed, new email is stored in
+  # unconfirmed_email column, and copied to email column on successful confirmation.
+  config.reconfirmable = true
+
   # Defines which key will be used when confirming an account
-  # config.confirmation_keys = [ :email ]
+  # config.confirmation_keys = [:email]
 
   # ==> Configuration for :rememberable
   # The time the user will be remembered without asking for credentials again.
-  config.remember_for = 2.weeks
+  # config.remember_for = 2.weeks
+
+  # Invalidates all the remember me tokens when the user signs out.
+  config.expire_all_remember_me_on_sign_out = true
 
   # If true, extends the user's remember period when remembered via cookie.
   # config.extend_remember_period = false
 
   # Options to be passed to the created cookie. For instance, you can set
-  # :secure => true in order to force SSL only cookies.
-  # config.cookie_options = {}
+  # secure: true in order to force SSL only cookies.
+  # config.rememberable_options = {}
 
   # ==> Configuration for :validatable
-  # Range for password length. Default is 8..128.
-  config.password_length = 6..128
+  # Range for password length.
+  config.password_length = 6..72
 
-  # Regex to use to validate the email address
-  # config.email_regexp = /\A([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})\z/i
+  # Email regex used to validate email formats. It simply asserts that
+  # one (and only one) @ exists in the given string. This is mainly
+  # to give user feedback and not to assert the e-mail validity.
+  # config.email_regexp = /\A[^@]+@[^@]+\z/
 
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
@@ -98,7 +161,7 @@ Devise.setup do |config|
   # config.lock_strategy = :failed_attempts
 
   # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [ :email ]
+  # config.unlock_keys = [:email]
 
   # Defines which strategy will be used to unlock an account.
   # :email = Sends an unlock link to the user email
@@ -114,34 +177,32 @@ Devise.setup do |config|
   # Time interval to unlock the account if :time is enabled as unlock_strategy.
   # config.unlock_in = 1.hour
 
+  # Warn on the last attempt before the account is locked.
+  # config.last_attempt_warning = true
+
   # ==> Configuration for :recoverable
   #
   # Defines which key will be used when recovering the password for an account
-  # config.reset_password_keys = [ :email ]
+  # config.reset_password_keys = [:email]
 
   # Time interval you can reset your password with a reset password key.
   # Don't put a too small interval or your users won't have the time to
   # change their passwords.
-  config.reset_password_within = 2.hours
+  config.reset_password_within = 6.hours
+
+  # When set to false, does not sign a user in automatically after their password is
+  # reset. Defaults to true, so a user is signed in automatically after a reset.
+  # config.sign_in_after_reset_password = true
 
   # ==> Configuration for :encryptable
   # Allow you to use another encryption algorithm besides bcrypt (default). You can use
   # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
   # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
   # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
-  # REST_AUTH_SITE_KEY to pepper)
-  # config.encryptor = :sha1
-
-  # ==> Configuration for :token_authenticatable
-  # Defines name of the authentication token params key
-  # config.token_authentication_key = :auth_token
-
-  # If true, authentication through token does not store user in session and needs
-  # to be supplied on each request. Useful if you are using the token as API token.
-  # config.stateless_token = false
-  # Hint: Devise 2
-  # Devise.stateless_token was removed. If you want to have stateless tokens,
-  # simply do config.skip_session_storage << :auth_token in your initializer;
+  # REST_AUTH_SITE_KEY to pepper).
+  #
+  # Require the `devise-encryptable` gem when using anything other than bcrypt
+  # config.encryptor = :sha512
 
   # ==> Scopes configuration
   # Turn scoped views on. Before rendering "sessions/new", it will first check for
@@ -151,11 +212,10 @@ Devise.setup do |config|
 
   # Configure the default scope given to Warden. By default it's the first
   # devise role declared in your routes (usually :user).
-  # config.default_scope = :account
+  # config.default_scope = :user
 
-  # Configure sign_out behavior.
-  # Sign_out action can be scoped (i.e. /users/sign_out affects only :user scope).
-  # The default is true, which means any logout action will sign out all active scopes.
+  # Set this configuration to false if you want /users/sign_out to sign out
+  # only the current scope. By default, Devise signs out all scopes.
   # config.sign_out_all_scopes = true
 
   # ==> Navigation configuration
@@ -166,25 +226,37 @@ Devise.setup do |config|
   # If you have any extra navigational formats, like :iphone or :mobile, you
   # should add them to the navigational formats lists.
   #
-  # The :"*/*" and "*/*" formats below is required to match Internet
-  # Explorer requests.
-  # config.navigational_formats = [:"*/*", "*/*", :html]
+  # The "*/*" below is required to match Internet Explorer requests.
+  # config.navigational_formats = ['*/*', :html]
 
-  # The default HTTP method used to sign out a resource. Default is :get.
-  # config.sign_out_via = :get
+  # The default HTTP method used to sign out a resource. Default is :delete.
+  config.sign_out_via = :delete
 
   # ==> OmniAuth
   # Add a new OmniAuth provider. Check the wiki for more information on setting
   # up on your models and hooks.
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
 
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
   # change the failure app, you can configure them inside the config.warden block.
   #
   # config.warden do |manager|
-  #   manager.failure_app   = AnotherApp
   #   manager.intercept_401 = false
-  #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
+  #   manager.default_strategies(scope: :user).unshift :some_external_strategy
   # end
+
+  # ==> Mountable engine configurations
+  # When using Devise inside an engine, let's call it `MyEngine`, and this engine
+  # is mountable, there are some extra configurations to be taken into account.
+  # The following options are available, assuming the engine is mounted as:
+  #
+  #     mount MyEngine, at: '/my_engine'
+  #
+  # The router that invoked `devise_for`, in the example above, would be:
+  # config.router_name = :my_engine
+  #
+  # When using OmniAuth, Devise cannot automatically set OmniAuth path,
+  # so you need to do it manually. For the users scope, it would be:
+  # config.omniauth_path_prefix = '/my_engine/users/auth'
 end